Boot Logging and Handling Loaded Modules

The Boot logger feature records all modules loaded when your system boots. These include items like drivers, system files, DLLs, executables and so on. Killswitch displays these modules along with their attributes and a trust rating under a new 'Loaded Modules' tab after your system has rebooted. This functionality allows you to check whether unsafe (or even just unwanted) modules are being loaded. In extreme cases, it will allow you to detect and delete malicious boot items installed by spyware, key loggers, rootkits or other malware.

To configure for Boot Logging

From the 'Tools' menu, click 'Enable Boot Logging'

KillSwitch will request a restart of your computer to log all the modules that are loaded during the next re-boot.

Save all your work and click 'Yes'. Your system will re-start. Upon restart, KillSwitch will be started automatically and show all the loaded modules loaded to your system.

Loaded Modules window - Descriptions of Columns

Column

Description

Name

Shows the name of the module. Clicking the column header sorts the entries in alphabetical order of the module names.

Path

Shows the storage path of the module.

Load Time (in seconds)

Shows time taken for loading the module.

Rating

Shows the result of scanning performed by KillSwitch on the module. Modules that are rated as unsafe or unknown will be highlighted for easy identification.

Description

Shows a brief description of the module.

Company Name

Shows the vendor of the module.

Tip: Clicking any of the column header sorts the list in alphabetical/numerical order of the entries in it.

Double-clicking a module opens its 'Properties' dialog

Filtering the Loaded Modules List

Click 'View' > 'Hide Trusted Loaded Modules' to show only modules identified as 'untrusted' or 'unknown':

Handling Loaded Modules

You can viewing properties of or remove loaded module by right clicking on it and selecting the required option from the context sensitive menu.

Delete - Removes the Module from your system. This ensures that the module is not loaded to your system from the next boot onwards.

Open Containing Folder - Opens the folder containing the module in Windows Explorer.

Properties... - Opens the properties dialog of the selected Module.

Search Online - Opens the default web browser of your system with the search engine specified and searches for information on the module on the web.

Send to COMODO - Submits the module for analysis to Comodo, as False Positive (if identified as suspicious by KillSwitch) or as Suspicious file as selected from the sub-menu. You can submit the files which you suspect to be a malware. The files will be analyzed by experts and added to global white list or black list accordingly in order to benefit all the users of Comodo security products world wide.